Penetration Testing mailing list archives

Using public LDAP directories for attack preparation


From: "Per Thorsheim" <per () thorsheim net>
Date: Wed, 27 Sep 2006 20:27:57 +0200

I've seen quite a few publicly available LDAP directories on the Internet
containing names, e-mail addresses and other employee information for a
company.

Besides the obvious possibility of harvesting working e-mail addresses for
spam purposes, has anyone successfully used such externally available
directories for doing targeted social engineering attacks as part of a
pentest?

Regards,
Per Thorsheim
CISA, CISM, CISSP


